Provvedimento del garante e log dei Firewall Checkpoint
Come sapete il provvedimento del garante richiede di monitorare gli accessi ai sistemi informatici, tra questi uno dei piu’ critici e’ sicuramente il vostro firewall, come fare a monitorare gli accessi in presenza di un firewall Checkpoint ? Vediamolo insieme:
In questo caso abbiamo un cluster di firewall Checkpoint basati su Sistema operativo IPSO che e’ un derivato da FreeBSD. Essendo un OS Unix like, abbiamo il processo syslogd che opportunamente configurato puo’ redirigere i messaggi di autenticazione verso NetEye.
Prima cosa da fare e’ modificare /etc/syslog.conf , che di norma si presenta in questo modo
#This file was AUTOMATICALLY GENERATED
#Generated by /bin/syslog_xlate on Mon Jan 12 19:11:49 2004
#
#DO NOT EDIT – EDITED TO SEND MESSAGES BASED ON FACILITY
#
*.err;auth.debugadmin
*.notice;cron.*;auth.info;kern.debug/var/log/messages
*.emerg*
*.err;auth.notice;kern.debug/dev/console
aggiungiamo in fondo la riga
auth.* @10.10.1.120
dove 10.10.1.120 e’ l’ indirizzo del NetEye, ricordatevi che tra auth.* e @10.10.1.120 devono essere separati da almeno un TAB.
A questo punto e’ sufficiente riavviare il syslogd e tutto dovrebbe funzionare.
Per essere sicuri che la modifica sia valida anche al prossimo riavvio del Firewall ( IPSO tende a sovrascrivere i file modificati manualmente), e’ necessario salvarsi il file modificato e ricopiarlo ad ogni avvio del firewall.
Un sistema puo’ essere il seguente; copiate il file originale in un posto sicuro
cp /etc/syslog.conf /var/admin/syslog.bak
modificate il file /var/etc/rc.local (che viene eseguito durante la procedura di reboot) ed inserite le seguenti righe:
questa procedura si occupa di ricopiare il file che avete salvato nella sua posizione originale e riavviare il demone del syslog.
Se avete fatto tutto correttamente il firewall inviera’ le informazioni relative agli accessi al NetEye; ricordatevi che se avete un cluster dovete ripetere l’ operazione su ogni nodo.
Hi everybody, I’m Andrea and my contribution to this blog is to give hints of the monitoring issue from an IT manager point of view. I was born in Bolzano in 1965 and my professional path started 25 years ago operating on the technical field as programmer, system/database administrator, network engineer, consultancy and so on. I’ve been living in Milan for 10 years working for multinational IT companies and I decided to return to Bolzano after my marriage and the birth of my daughter.
I love sailing and diving in the summer, skiing in the winter and travelling off-road with my Landcruiser anytime
Author
Andrea di Lernia
Hi everybody, I’m Andrea and my contribution to this blog is to give hints of the monitoring issue from an IT manager point of view. I was born in Bolzano in 1965 and my professional path started 25 years ago operating on the technical field as programmer, system/database administrator, network engineer, consultancy and so on. I’ve been living in Milan for 10 years working for multinational IT companies and I decided to return to Bolzano after my marriage and the birth of my daughter.
I love sailing and diving in the summer, skiing in the winter and travelling off-road with my Landcruiser anytime
Scenario NetEye 4 is a comprehensive monitoring platform which natively supports Business Processes. A Business Process is an abstract view of a customer’s business from the Application point of view. Usually, it’s a collection of Icinga 2 checks aggregated by Read More
On February 3rd and 4th, 2024, we attended FOSDEM, a major event where thousands of free and open-source software developers from around the world gather to exchange ideas and collaborate. This year I dedicated much of the second day to Read More
Introduction: Unveiling Elastic APM in Containerized Environments In today's dynamic digital landscape, where every interaction matters, understanding the intricacies of application performance has become paramount. Elastic APM is a powerful toolset within the Elastic Stack included in the NetEye SIEM Read More
In this article, we’ll explore how to configure the “Agent Binary Download” setting and set up your own artifact registry for binary downloads within a NetEye cluster. Prerequisites Before we begin, ensure you have the following prerequisites in place: Your Elastic Agents Read More
We fixed the following issues in the integration between NetEye and Alyvix. Test Case file selection dropdown We fixed an issue in the Test Cases view for which, when switching between the Test Cases of different nodes, the wrong Test Read More